What’s the greatest security risk?

While boardrooms across the U.S. report growing prioritization of endpoint security, risk continues to grow and evolve and IT departments are racing to keep up, according to a study by the Ponemon Institute.

Endpoint security threats have become more difficult to stop or mitigate in the last two years, say 71 percent of the 676 IT and IT security professionals responding to the study. Topping the list of this year’s greatest risks is mobile devices.

More than 75 percent said mobile devices pose the biggest threat in 2014, up from just 9 percent in 2010. Additionally, 68 percent say their mobile devices have been targeted by malware in the last 12 months, yet 46 percent of respondents say they do not manage employee-owned mobile devices.

“We’ve seen the threat landscape fundamentally change over the last five years,” said Dr. Larry Ponemon. “Trending data shows increasing concern, year over year, over the explosion of mobile devices on the network. It’s now IT’s greatest risk. And unfortunately, 46 percent of our respondents report no efforts are in place to secure them.”

Targeted attacks, or APTs are also increasingly concerning for survey respondents. This year, 39 percent report APTs as one of their most concerning risks, up 55 percent from 2009.

While 40 percent report they were a victim of a targeted attack in the last year, another 25 percent say they aren’t sure if they have been, revealing many organizations don’t have security mechanisms in place to detect such an attack. For those that have experienced such an attack, spear phishing emails sent to employees were identified as the number one attack entry point.

Respondents also report the volume of malware continues to be an escalating problem. The survey found that 41 percent say they experience more than 50 malware attacks a month, up 15 percent from those that reported that amount three years ago. And malware attacks are costly, with 50 percent saying their operating expenses are increasing and 67 percent saying malware attacks significantly contributed to that rising expense.

Despite rising costs, IT budgets have not increased for the majority. While 65 percent report they prioritize endpoint security, IT budgets do not reflect this shift. Just 29 percent say their budgets have increased in the past 24 months.